SONAR-16131 Add missing CWEs to standards.json

server/sonar-web/package.json

@@ -120,6 +120,7 @@
     "jest": "27.4.7",
     "jest-emotion": "10.0.32",
     "jest-junit": "13.0.0",
+    "jsdom": "16.7.0",
     "path-browserify": "1.0.1",
     "postcss-calc": "7.0.2",
     "postcss-custom-properties": "9.1.1",
@@ -142,7 +143,8 @@
     "ts-check": "tsc --noEmit",
     "validate": "yarn lint && yarn ts-check && yarn format-check && yarn test",
     "validate-ci": "yarn install --immutable && yarn test --coverage --maxWorkers=4 --ci",
-    "check-ci": "yarn install --immutable && yarn ts-check && yarn format-check"
+    "check-ci": "yarn install --immutable && yarn ts-check && yarn format-check",
+    "update-cwes": "node scripts/update-cwes.js"
   },
   "engines": {
     "node": ">=8"

server/sonar-web/scripts/update-cwes.js

@@ -0,0 +1,132 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2022 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+/* eslint-disable no-console */
+
+/**
+ * Execute this script by passing the path to the CWE XML definition file.
+ *
+ * You can download the full CWE database in XML format here: https://cwe.mitre.org/data/downloads.html
+ * Make sure to unzip the downloaded file first before passing it to this script.
+ *
+ * Usage:
+ *     node scripts/update-cwes.js PATH
+ *   or:
+ *     yarn update-cwes PATH
+ *
+ * Example:
+ *     node scripts/update-cwes.js ~/Downloads/cwec_v4.6.xml
+ *   or:
+ *     yarn update-cwes ~/Downloads/cwec_v4.6.xml
+ */
+
+const fs = require('fs');
+const chalk = require('chalk');
+const jsdom = require('jsdom');
+const { trim } = require('lodash');
+const path = require('path');
+
+const IGNORED_STATUSES = ['Deprecated'];
+const STANDARDS_JSON_FILE = path.join(
+  __dirname,
+  '..',
+  'src',
+  'main',
+  'js',
+  'helpers',
+  'standards.json'
+);
+
+const xmlContent = readXMLContent(process.argv[2]);
+const newCWEs = getCWEs(xmlContent);
+writeToStandardsJson(newCWEs);
+
+function readXMLContent(xmlPath) {
+  if (fs.existsSync(xmlPath)) {
+    try {
+      fs.accessSync(xmlPath, fs.constants.R_OK);
+      return fs.readFileSync(xmlPath).toString();
+    } catch (e) {
+      console.error(chalk.red(`No read access for XML file '${xmlPath}'`));
+      throw e;
+    }
+  } else {
+    console.error(chalk.red(`Cannot find XML file '${xmlPath}'`));
+    throw Error('');
+  }
+}
+
+function getCWEs(xml) {
+  const document = new jsdom.JSDOM(xml);
+  const weaknesses = document.window.document.querySelectorAll('Weaknesses Weakness');
+  const cwes = {
+    unknown: {
+      title: 'No CWE associated'
+    }
+  };
+
+  weaknesses.forEach(weakness => {
+    const id = weakness.getAttribute('ID');
+    const title = weakness.getAttribute('Name');
+    const status = weakness.getAttribute('Status');
+    let description = '';
+
+    if (!id) {
+      return;
+    }
+
+    if (IGNORED_STATUSES.includes(status)) {
+      return;
+    }
+
+    if (!title) {
+      console.log(chalk.yellow(`No Name attribute found for CWE '${id}'. Skipping.`));
+      return;
+    }
+
+    const descriptionEl = weakness.querySelector('Description');
+    if (descriptionEl) {
+      description = trim(descriptionEl.textContent);
+    }
+
+    cwes[id] = { title, description };
+  });
+
+  return cwes;
+}
+
+function writeToStandardsJson(cwes) {
+  try {
+    fs.accessSync(STANDARDS_JSON_FILE, fs.constants.W_OK);
+  } catch (e) {
+    console.error(chalk.red(`No write access for standards.json ('${STANDARDS_JSON_FILE}') file`));
+    throw e;
+  }
+
+  try {
+    const json = JSON.parse(fs.readFileSync(STANDARDS_JSON_FILE).toString());
+    json.cwe = cwes;
+    fs.writeFileSync(STANDARDS_JSON_FILE, JSON.stringify(json, undefined, 2));
+  } catch (e) {
+    console.error(
+      chalk.red(`Failed to write data to standards.json ('${STANDARDS_JSON_FILE}') file`)
+    );
+    throw e;
+  }
+}

server/sonar-web/yarn.lock

@@ -3392,6 +3392,7 @@ __metadata:
     jest: 27.4.7
     jest-emotion: 10.0.32
     jest-junit: 13.0.0
+    jsdom: 16.7.0
     keymaster: 1.6.2
     lodash: 4.17.21
     lunr: 2.3.9
@@ -8305,7 +8306,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"jsdom@npm:^16.6.0":
+"jsdom@npm:16.7.0, jsdom@npm:^16.6.0":
   version: 16.7.0
   resolution: "jsdom@npm:16.7.0"
   dependencies: